ldap

Julian Macassey julian at tele.com
Mon Jun 24 19:29:23 CEST 2013


On 2013-06-24 at 18:06, A.L.M.Buxey at lboro.ac.uk (A.L.M.Buxey at lboro.ac.uk) wrote:

> Hi,
> 
> > > Always start simple.  Run radtest on the RADIUS server box
> > > using 127.0.0.1 ... THEN move to running against it from other
> > > systems once you've verified all authentication etc is working
> >  
> > 	Works on localhost.
> > 
> > 	Trying to get radius to authenticate against an ldap
> > server. 
> 
> 
> if localhost works, then the authentications cannot get through
> to the server on its IP socket so you need to edit the host
> firewall (and any other ACLs that might be blocking the traffic)
> 
> iptables -L -n   - check for UDP 1812 being allowed

iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1812

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

> 
> 
> as for what you say you are doing and what you are doing...that
> radtest is simply sending RADIUS auths to a RADIUS server....then the
> server will use whatever methods you have configured for AAA - right now
> it's doing absolutely nothing at all as the server is not receiving
> your packets - this has nothing to do with an LDAP server right now

	Does this mean that:

# radtest evergreen at plumgrid.com "Y0V2T2VAKI" 192.168.10.14 0 d1sc0verplum

	Is not sending my radius request to the ldap server
(192.168.10.14)?

	In which case, how do I test that freeradius is working
with ldap?

	Does this mean I need to set up say a WiFi router to use
WPA2 Enterprise and send auth requests to the radius server and
then the radius server passes requests to the ldap server. This
is how I want it to work eventually, but I thought the steps
should be: Test radius as localhost. Test radius to ldap. Test
WPA2 Enterprise to radius server, which will pass username and
password of user to ldap.
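
Added example, not part of the original post: a shell function that reads `iptables -L -n` output and reports how the INPUT chain treats RADIUS authentication traffic (UDP destination port 1812), run here on the listing posted above. The function name and verdict strings are made up for this example, and it does not evaluate source/destination restrictions or user-defined chains.

```shell
#!/bin/sh
# Classify how INPUT in `iptables -L -n` output handles UDP dport 1812.
# Verdicts: rule-accept, rule-block, policy-accept, policy-block.
radius_input_verdict() {
    awk '
    function decide(r,    f, n, proto, rest, i) {
        if (r == "" || verdict != "") return      # first applicable rule wins
        n = split(r, f, " ")
        proto = f[2]                               # protocol name or number
        if (proto != "udp" && proto != "17" && proto != "all" && proto != "0") return
        rest = ""
        for (i = 6; i <= n; i++) rest = rest " " f[i]
        sub(/ reject-with [^ ]+/, "", rest)        # target option, not a match
        # Applies if there is no extra match, or the match is udp dpt:1812.
        if (rest != "" && rest !~ /udp dpt:1812( |$)/) return
        if (f[1] == "ACCEPT") verdict = "rule-accept"
        else if (f[1] == "DROP" || f[1] == "REJECT") verdict = "rule-block"
    }
    /^Chain / {
        decide(rule); rule = ""
        in_input = ($2 == "INPUT")
        if (in_input) { policy = $4; sub(/\)$/, "", policy) }
        next
    }
    !in_input || /^target / || NF == 0 { next }
    NF < 5 { rule = rule " " $0; next }            # wrapped tail of a rule line
    { decide(rule); rule = $0 }
    END {
        decide(rule)
        if (verdict == "") verdict = (policy == "ACCEPT") ? "policy-accept" : "policy-block"
        print verdict
    }'
}

# Listing as posted in the thread (the rule line was wrapped in the mail).
THREAD_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp
dpt:1812

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination'

printf '%s\n' "$THREAD_LISTING" | radius_input_verdict   # policy-accept
```

On a live host the same function can be fed directly: `iptables -L -n | radius_input_verdict`.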




More information about the Freeradius-Users mailing list